Notes on layer-3 switching and NAT address translation for Linux networks

Source: Internet
Author: User
1: A layer-3 switch can solve the traffic bottleneck of single-arm routing (router-on-a-stick), mainly by routing once and switching many times.

2: Layer-3 switch principle: the source MAC address and the target MAC address are looked up once through the route table and then recorded, forming a mapping relationship between the route table and the ARP table. From then on, data exchanged between different VLANs is forwarded directly in hardware.

3: On a layer-3 switch you can configure a route table and create VLAN virtual ports that act as the gateways of the corresponding VLANs.

4: The IP address configured on a switch's VLAN is used for remote management of the switch. The virtual IP ports of the switches in the LAN are configured in the same VLAN.

5: Each VLAN has a MAC address.

Configuration steps:

1: Enable the virtual VLAN port.

2: Enable the routing function: ip routing

3: Create a remote VLAN virtual port.

II. NAT configuration
1: NAT is divided into three types:
A. Static conversion: binds an intranet address to an Internet public address. Suitable for publishing servers.
B. Dynamic conversion: automatically converts all intranet addresses to one or more public addresses. Suitable for intranet hosts accessing the Internet.
C. Port multiplexing (PAT): binds intranet addresses and ports to a public address to access the Internet.

3. NAT configuration on the router
A: Static conversion configuration
1: Enter configure terminal mode and enter the command ip nat inside source static private-address public-address
2: Enable the internal NAT port: enter the internal port that is to use NAT and enter the command ip nat inside
3: Enable the external NAT port: enter the external port that is to use NAT and enter the command ip nat outside

B: Dynamic conversion configuration
1: Enter configure terminal mode and enter access-list 1 permit 172.16.0.0 0.0.0.255 (the last field is the wildcard mask, that is, the inverse of the subnet mask). This sets the address range for NAT translation, for example 172.16.0.0. The 1 is the number of the access list.
2: Create an address pool in configure mode. Enter ip nat pool pool_name A.B.C.D (starting public IP address) A.B.C.D (ending public IP address) netmask 255.255.255.0
3: Bind the access list to the address pool. In configure mode, enter ip nat inside source list 1 pool pool_name
4: Enable the internal and external NAT ports, just as in the static configuration.
5: Use show run to check whether the configuration is successful.
Note: The maximum number of intranet addresses that can be translated at the same time is the total number of public IP addresses in the pool. After all public addresses are allocated, other private IP addresses cannot access the Internet.

C: port multiplexing configuration
A. Bind a fixed public IP address
As in the dynamic configuration, create the pool, here with a single address: ip nat pool pool_name 172.15.10.10 172.15.10.10 netmask 255.255.255.0
Bind the address pool: ip nat inside source list 1 pool pool_name overload. The overload keyword is the only addition compared with dynamic conversion.
B. When the public IP address is itself dynamically allocated, bind to the outside port instead of a pool. Command:
ip nat inside source list 1 interface fa0/0 overload
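
Added example (not part of the original notes): a small Python model of the translation table, showing the wildcard-mask match of access-list 1, the pool exhaustion described in the note under dynamic conversion, and how overload removes that limit. The function and class names, the 203.0.113.x pool addresses, and the port-selection rule (keep the source port if free, otherwise take the next free one) are assumptions made for illustration; real devices choose ports differently.

```python
import ipaddress

def acl_permits(src, base, wildcard):
    """Standard ACL match: wildcard (inverse mask) bits set to 1 are ignored."""
    s, b, w = (int(ipaddress.IPv4Address(a)) for a in (src, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (s & care) == (b & care)

class NatModel:
    """Simplified table for 'ip nat inside source list 1 pool P [overload]'."""
    def __init__(self, acl, pool, overload=False, ports=range(1024, 65536)):
        self.acl = acl            # (base address, wildcard mask)
        self.pool = list(pool)    # public addresses in the pool
        self.overload = overload
        self.ports = ports        # assumed public port range for PAT
        self.hosts = {}           # dynamic NAT: inside IP -> public IP
        self.flows = {}           # PAT: (inside IP, port) -> (public IP, port)

    def translate(self, ip, port):
        """Return (public IP, public port) for an outbound flow, or None."""
        if not acl_permits(ip, *self.acl):
            return None                      # not matched by access-list 1
        if not self.overload:
            if ip not in self.hosts:
                free = [a for a in self.pool if a not in self.hosts.values()]
                if not free:
                    return None              # pool exhausted: host cannot get out
                self.hosts[ip] = free[0]
            return (self.hosts[ip], port)    # address changes, port is kept
        if (ip, port) not in self.flows:
            used = set(self.flows.values())
            slot = next(((a, p) for a in self.pool for p in (port, *self.ports)
                         if (a, p) not in used), None)
            if slot is None:
                return None                  # every address:port pair is in use
            self.flows[(ip, port)] = slot
        return self.flows[(ip, port)]

# Constructed sample data; 203.0.113.0/24 stands in for real public addresses.
ACL = ("172.16.0.0", "0.0.0.255")
POOL = ["203.0.113.10", "203.0.113.11"]
HOSTS = ["172.16.0.5", "172.16.0.6", "172.16.0.7", "172.16.1.5"]

def run(overload):
    nat = NatModel(ACL, POOL, overload)
    return {h: nat.translate(h, 40000) for h in HOSTS}

if __name__ == "__main__":
    for mode in (False, True):
        print("overload" if mode else "dynamic", run(mode))
```

With two pool addresses, the third matching host gets no translation in dynamic mode, while in overload mode all three share the first public address on different ports; 172.16.1.5 is never translated because the wildcard mask 0.0.0.255 only matches 172.16.0.x.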
